aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTodor Minchev <todor.minchev@linux.intel.com>2017-09-15 10:34:33 -0700
committerTodor Minchev <todor.minchev@linux.intel.com>2017-09-15 10:41:13 -0700
commitd34dd80e740cce726801e481be7722996d04ffca (patch)
treef6fee76f1276fc3e419674b0b792ac160221a6d8
downloadmeta-intel-clear-containers-d34dd80e740cce726801e481be7722996d04ffca.tar.gz
meta-intel-clear-containers-d34dd80e740cce726801e481be7722996d04ffca.tar.bz2
meta-intel-clear-containers-d34dd80e740cce726801e481be7722996d04ffca.zip
initial commitHEADmaster
Signed-off-by: Todor Minchev <todor.minchev@linux.intel.com>
-rw-r--r--COPYING.MIT17
-rw-r--r--README83
-rw-r--r--conf/layer.conf19
-rw-r--r--recipes-containers/containerd/containerd-docker_%.bbappend10
-rw-r--r--recipes-containers/containerd/containerd-opencontainers_%.bbappend9
-rw-r--r--recipes-containers/containerd/containerd.inc85
-rw-r--r--recipes-containers/docker/docker/0001-docker.service-add-clear-linux-oci-runtime.patch26
-rw-r--r--recipes-containers/docker/docker/context-use-golang.org-x-net-pkg-until-we-move-to-go.patch116
-rw-r--r--recipes-containers/docker/docker/docker-registry.service19
-rw-r--r--recipes-containers/docker/docker/docker.init126
-rw-r--r--recipes-containers/docker/docker/docker.service15
-rw-r--r--recipes-containers/docker/docker/hi.Dockerfile7
-rw-r--r--recipes-containers/docker/docker_%.bbappend53
-rw-r--r--recipes-containers/runc/runc-docker_%.bbappend11
-rw-r--r--recipes-containers/runc/runc-opencontainers_%.bbappend15
-rw-r--r--recipes-containers/runc/runc.inc58
-rw-r--r--recipes-containers/runc/runc/0001-nsexec-fix-build-against-musl-libc.patch48
-rw-r--r--recipes-devtools/cc-oci-artifacts/cc-image_16050.bb15
-rw-r--r--recipes-devtools/cc-oci-artifacts/cc-kernel_4.9.33-74.bb19
-rw-r--r--recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-configure.ac-set-defaul-qemu-patch-to-usr-local-bin.patch26
-rw-r--r--recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-hypervisor.in-set-default-machine-to-q35.patch26
-rw-r--r--recipes-devtools/cc-oci-runtime/cc-oci-runtime_git.bb37
-rw-r--r--recipes-devtools/qemu-cc/qemu-cc.bb85
-rw-r--r--recipes-extended/images/cloud-image-controller.bbappend1
-rw-r--r--recipes-extended/images/cloud-image-guest.bbappend1
-rw-r--r--recipes-kernel/linux/linux-yocto/intel-clear-containers.cfg1
-rw-r--r--recipes-kernel/linux/linux-yocto/intel-clear-containers.scc3
-rw-r--r--recipes-kernel/linux/linux-yocto_4.10.bbappend3
-rw-r--r--recipes-kernel/linux/linux-yocto_4.9.bbappend3
29 files changed, 937 insertions, 0 deletions
diff --git a/COPYING.MIT b/COPYING.MIT
new file mode 100644
index 0000000..89de354
--- /dev/null
+++ b/COPYING.MIT
@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/README b/README
new file mode 100644
index 0000000..299a5da
--- /dev/null
+++ b/README
@@ -0,0 +1,83 @@
+This layer enables the clear containers runtime (cc-oci-runtime) for Docker:
+
+Details about the Clear Containers project can be found at:
+
+https://github.com/01org/cc-oci-runtime
+
+https://clearlinux.org/features/intel%C2%AE-clear-containers
+
+Dependencies
+============
+
+This layer depends on:
+
+ URL: git://git.yoctoproject.org/poky.git
+ layers: meta meta-poky meta-yocto-bsp
+ branch: pyro
+
+ URL: git://git.openembedded.org/meta-openembedded
+ layers: meta-oe meta-python meta-networking meta-filesystems
+ branch: pyro
+
+ URI: git://git.yoctoproject.org/meta-virtualization
+ branch: master
+
+Patches
+=======
+
+Please submit any patches for meta-intel-clear-containers layer to the
+meta-intel mailing list (meta-intel@yoctoproject.org):
+
+
+Table of Contents
+=================
+
+ I. Adding the meta-intel-clear-containers layer to your build
+ II. Misc
+
+
+I. Adding the meta-intel-clear-containers layer to your build
+=================================================
+
+The clear containers runtime can be added to your images with the cc-oci-runtime recipe.
+
+Example (add to conf/local.conf):
+IMAGE_INSTALL_append += " cc-oci-runtime "
+
+In order to use this layer, you need to make the build system aware of
+it.
+
+Assuming the meta-intel-clear-containers layer exists at the top-level of your
+yocto build tree, you can add it to the build system by adding the
+location of the meta-intel-clear-containers layer to bblayers.conf, along with any
+other layers needed. e.g.:
+
+ BBLAYERS ?= " \
+ /path/to/yocto/meta \
+ /path/to/yocto/meta-poky \
+ /path/to/yocto/meta-yocto-bsp \
+ /path/to/yocto/meta-openembedded/meta-oe \
+ /path/to/yocto/meta-openembedded/meta-python \
+ /path/to/yocto/meta-openembedded/meta-networking \
+ /path/to/yocto/meta-openembedded/meta-filesystems \
+ /path/to/yocto/meta-virtualization \
+ /path/to/yocto/meta-intel-clear-containers \
+ "
+
+II. Misc
+========
+* Clear Containers depends on the following kernel module.
+It will be automatically enabled for 3.9.* and 3.10.* kernels
+
+CONFIG_VHOST_NET=m
+
+* To modify the amount of memory available to QEMU. Add the following variable to your conf/local.conf
+
+QEMU_CC_MEM = "2G,slots=2,maxmem=2G"
+
+* When building docker with clear containers support, the default docker runtime will be set to cor (cc-oci-runtime). To change the default docker runtime, please modify the docker.service file and restart docker.
+
+Example for runc (docker.service):
+
+ExecStart=/usr/bin/dockerd -D --add-runtime cor=/usr/bin/cc-oci-runtime.sh --default-runtime=runc -H fd://
+
diff --git a/conf/layer.conf b/conf/layer.conf
new file mode 100644
index 0000000..1fc78b4
--- /dev/null
+++ b/conf/layer.conf
@@ -0,0 +1,19 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have recipes-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
+ ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "meta-intel-clear-containers"
+BBFILE_PATTERN_meta-intel-clear-containers = "^${LAYERDIR}/"
+BBFILE_PRIORITY_meta-intel-clear-containers = "6"
+
+LAYERDEPENDS_intel-clear-containers-layer = "openembedded-layer"
+LAYERDEPENDS_intel-clear-containers-layer += "virtualization-layer"
+
+# Docker requires systemd
+DISTRO_FEATURES_append = " systemd"
+VIRTUAL-RUNTIME_init_manager = "systemd"
+DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
+VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
diff --git a/recipes-containers/containerd/containerd-docker_%.bbappend b/recipes-containers/containerd/containerd-docker_%.bbappend
new file mode 100644
index 0000000..f6dcaec
--- /dev/null
+++ b/recipes-containers/containerd/containerd-docker_%.bbappend
@@ -0,0 +1,10 @@
+include containerd.inc
+
+SRCREV = "03e5862ec0d8d3b3f750e19fca3ee367e13c090e"
+SRC_URI = "\
+ git://github.com/docker/containerd.git;branch=docker-1.13.x \
+ "
+CONTAINERD_VERSION = "0.2.3"
+
+PROVIDES += "virtual/containerd"
+RPROVIDES_${PN} = "virtual/containerd"
diff --git a/recipes-containers/containerd/containerd-opencontainers_%.bbappend b/recipes-containers/containerd/containerd-opencontainers_%.bbappend
new file mode 100644
index 0000000..37f8547
--- /dev/null
+++ b/recipes-containers/containerd/containerd-opencontainers_%.bbappend
@@ -0,0 +1,9 @@
+include containerd.inc
+
+SRCREV = "0ac3cd1be170d180b2baed755e8f0da547ceb267"
+SRC_URI = "git://github.com/docker/containerd.git;nobranch=1 \
+ "
+CONTAINERD_VERSION = "0.2.2"
+
+PROVIDES += "virtual/containerd"
+RPROVIDES_${PN} = "virtual/containerd"
diff --git a/recipes-containers/containerd/containerd.inc b/recipes-containers/containerd/containerd.inc
new file mode 100644
index 0000000..b143979
--- /dev/null
+++ b/recipes-containers/containerd/containerd.inc
@@ -0,0 +1,85 @@
+HOMEPAGE = "https://github.com/docker/containerd"
+SUMMARY = "containerd is a daemon to control runC"
+DESCRIPTION = "containerd is a daemon to control runC, built for performance and density. \
+ containerd leverages runC's advanced features such as seccomp and user namespace \
+ support as well as checkpoint and restore for cloning and live migration of containers."
+
+# Apache-2.0 for containerd
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE.code;md5=aadc30f9c14d876ded7bedc0afd2d3d7"
+
+S = "${WORKDIR}/git"
+
+PV = "${CONTAINERD_VERSION}+git${SRCREV}"
+
+inherit go
+
+RRECOMMENDS_${PN} = "lxc docker"
+CONTAINERD_PKG="github.com/docker/containerd"
+
+do_configure[noexec] = "1"
+
+do_compile() {
+ export GOARCH="${TARGET_ARCH}"
+ # supported amd64, 386, arm arm64
+ if [ "${TARGET_ARCH}" = "x86_64" ]; then
+ export GOARCH="amd64"
+ fi
+ if [ "${TARGET_ARCH}" = "aarch64" ]; then
+ export GOARCH="arm64"
+ fi
+ if [ "${TARGET_ARCH}" = "i586" ]; then
+ export GOARCH="386"
+ fi
+
+ # Set GOPATH. See 'PACKAGERS.md'. Don't rely on
+ # docker to download its dependencies but rather
+ # use dependencies packaged independently.
+ cd ${S}
+ rm -rf .gopath
+ mkdir -p .gopath/src/"$(dirname "${CONTAINERD_PKG}")"
+ ln -sf ../../../.. .gopath/src/"${CONTAINERD_PKG}"
+ export GOPATH="${S}/.gopath:${S}/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
+ export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go"
+ cd -
+
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CFLAGS=""
+ export LDFLAGS=""
+ export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CC_FOR_TARGET="${TARGET_PREFIX}gcc ${TARGET_CC_ARCH} --sysroot=${STAGING_DIR_TARGET}"
+ export CXX_FOR_TARGET="${TARGET_PREFIX}g++ ${TARGET_CC_ARCH} --sysroot=${STAGING_DIR_TARGET}"
+
+ oe_runmake static
+}
+
+# Note: disabled for now, since docker is launching containerd
+# inherit systemd
+# SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
+# SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','containerd.service','',d)}"
+
+do_install() {
+ mkdir -p ${D}/${bindir}
+
+ cp ${S}/bin/containerd ${D}/${bindir}/containerd
+ cp ${S}/bin/containerd-shim ${D}/${bindir}/containerd-shim
+ cp ${S}/bin/ctr ${D}/${bindir}/containerd-ctr
+
+ ln -sf containerd ${D}/${bindir}/docker-containerd
+ ln -sf containerd-shim ${D}/${bindir}/docker-containerd-shim
+ ln -sf containerd-ctr ${D}/${bindir}/docker-containerd-ctr
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 644 ${S}/hack/containerd.service ${D}/${systemd_unitdir}/system
+ # adjust from /usr/local/bin to /usr/bin/
+ sed -e "s:/usr/local/bin/containerd:${bindir}/docker-containerd -l \"unix\:///var/run/docker/libcontainerd/docker-containerd.sock\":g" -i ${D}/${systemd_unitdir}/system/containerd.service
+ fi
+}
+
+FILES_${PN} += "${systemd_system_unitdir}/*"
+
+INHIBIT_PACKAGE_STRIP = "1"
diff --git a/recipes-containers/docker/docker/0001-docker.service-add-clear-linux-oci-runtime.patch b/recipes-containers/docker/docker/0001-docker.service-add-clear-linux-oci-runtime.patch
new file mode 100644
index 0000000..f127726
--- /dev/null
+++ b/recipes-containers/docker/docker/0001-docker.service-add-clear-linux-oci-runtime.patch
@@ -0,0 +1,26 @@
+From 3d8de3552b778d26f6783edebb7e97ed39e93d0c Mon Sep 17 00:00:00 2001
+From: Todor Minchev <todor.minchev@linux.intel.com>
+Date: Tue, 15 Aug 2017 16:09:49 -0700
+Subject: [PATCH] docker.service add clear linux oci runtime
+
+Signed-off-by: Todor Minchev <todor.minchev@linux.intel.com>
+---
+ contrib/init/systemd/docker.service | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/init/systemd/docker.service b/contrib/init/systemd/docker.service
+index 8bfed93c7..5a730e618 100644
+--- a/contrib/init/systemd/docker.service
++++ b/contrib/init/systemd/docker.service
+@@ -9,7 +9,7 @@ Type=notify
+ # the default is not to use systemd for cgroups because the delegate issues still
+ # exists and systemd currently does not support the cgroup feature set required
+ # for containers run by docker
+-ExecStart=/usr/bin/dockerd -H fd://
++ExecStart=/usr/bin/dockerd -D --add-runtime cor=/usr/bin/cc-oci-runtime.sh --default-runtime=cor -H fd://
+ ExecReload=/bin/kill -s HUP $MAINPID
+ LimitNOFILE=1048576
+ # Having non-zero Limit*s causes performance problems due to accounting overhead
+--
+2.13.2
+
diff --git a/recipes-containers/docker/docker/context-use-golang.org-x-net-pkg-until-we-move-to-go.patch b/recipes-containers/docker/docker/context-use-golang.org-x-net-pkg-until-we-move-to-go.patch
new file mode 100644
index 0000000..240b744
--- /dev/null
+++ b/recipes-containers/docker/docker/context-use-golang.org-x-net-pkg-until-we-move-to-go.patch
@@ -0,0 +1,116 @@
+From de69555afaf05efcdeea7b7c20c6f7b12f3e1bac Mon Sep 17 00:00:00 2001
+From: Mark Asselstine <mark.asselstine@windriver.com>
+Date: Fri, 20 Jan 2017 11:58:44 -0500
+Subject: [PATCH] context: use golang.org/x/net pkg until we move to go 1.7
+
+In go 1.6 the context.go is not yet integrated and as such we will get
+build errors like:
+
+walwrap.go:4:2: cannot find package "context" in any of:
+...
+
+Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+---
+ client/README.md | 2 +-
+ client/client.go | 2 +-
+ daemon/info_unix.go | 2 +-
+ integration-cli/docker_api_attach_test.go | 2 +-
+ integration-cli/docker_cli_save_load_unix_test.go | 2 +-
+ vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go | 2 +-
+ vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go | 2 +-
+ 7 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/client/README.md b/client/README.md
+index 059dfb3..9de54aa 100644
+--- a/client/README.md
++++ b/client/README.md
+@@ -8,7 +8,7 @@ For example, to list running containers (the equivalent of `docker ps`):
+ package main
+
+ import (
+- "context"
++ "golang.org/x/net/context"
+ "fmt"
+
+ "github.com/docker/docker/api/types"
+diff --git a/client/client.go b/client/client.go
+index a9bdab6..95933af 100644
+--- a/client/client.go
++++ b/client/client.go
+@@ -19,7 +19,7 @@ For example, to list running containers (the equivalent of "docker ps"):
+ package main
+
+ import (
+- "context"
++ "golang.org/x/net/context"
+ "fmt"
+
+ "github.com/docker/docker/api/types"
+diff --git a/daemon/info_unix.go b/daemon/info_unix.go
+index 9c41c0e..57f8a7b 100644
+--- a/daemon/info_unix.go
++++ b/daemon/info_unix.go
+@@ -3,7 +3,7 @@
+ package daemon
+
+ import (
+- "context"
++ "golang.org/x/net/context"
+ "os/exec"
+ "strings"
+
+diff --git a/integration-cli/docker_api_attach_test.go b/integration-cli/docker_api_attach_test.go
+index d43bf3a..e5802a7 100644
+--- a/integration-cli/docker_api_attach_test.go
++++ b/integration-cli/docker_api_attach_test.go
+@@ -3,7 +3,7 @@ package main
+ import (
+ "bufio"
+ "bytes"
+- "context"
++ "golang.org/x/net/context"
+ "io"
+ "net"
+ "net/http"
+diff --git a/integration-cli/docker_cli_save_load_unix_test.go b/integration-cli/docker_cli_save_load_unix_test.go
+index 22445e5..d0afc8c 100644
+--- a/integration-cli/docker_cli_save_load_unix_test.go
++++ b/integration-cli/docker_cli_save_load_unix_test.go
+@@ -3,7 +3,7 @@
+ package main
+
+ import (
+- "context"
++ "golang.org/x/net/context"
+ "fmt"
+ "io/ioutil"
+ "os"
+diff --git a/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go b/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go
+index 6b3295a..cbfcf7e 100644
+--- a/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go
++++ b/vendor/github.com/docker/swarmkit/manager/logbroker/subscription.go
+@@ -1,7 +1,7 @@
+ package logbroker
+
+ import (
+- "context"
++ "golang.org/x/net/context"
+ "fmt"
+ "strings"
+ "sync"
+diff --git a/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go b/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go
+index 5a6c71a..efe5921 100644
+--- a/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go
++++ b/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go
+@@ -1,7 +1,7 @@
+ package storage
+
+ import (
+- "context"
++ "golang.org/x/net/context"
+ "io"
+ "io/ioutil"
+ "os"
+--
+2.7.4
+
diff --git a/recipes-containers/docker/docker/docker-registry.service b/recipes-containers/docker/docker/docker-registry.service
new file mode 100644
index 0000000..7b4bc46
--- /dev/null
+++ b/recipes-containers/docker/docker/docker-registry.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=docker private registry service
+After=docker.service
+
+[Service]
+ExecStartPre=-/usr/bin/docker kill registry
+ExecStartPre=-/usr/bin/docker rm registry
+ExecStart=/usr/bin/docker run --name registry -v /mirror/registry:/tmp/ -p 5000:5000 \
+ -e "STANDALONE=true" \
+ -e "MIRROR_SOURCE=https://registry-1.docker.io" \
+ -e "MIRROR_SOURCE_INDEX=https://index.docker.io" \
+ -e "SETTINGS_FLAVOR=local" \
+ registry
+ExecStop=-/usr/bin/docker stop registry
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-containers/docker/docker/docker.init b/recipes-containers/docker/docker/docker.init
new file mode 100644
index 0000000..9c01c75
--- /dev/null
+++ b/recipes-containers/docker/docker/docker.init
@@ -0,0 +1,126 @@
+#!/bin/sh
+#
+# /etc/rc.d/init.d/docker
+#
+# Daemon for docker.com
+#
+# chkconfig: 2345 95 95
+# description: Daemon for docker.com
+
+### BEGIN INIT INFO
+# Provides: docker
+# Required-Start: $network cgconfig
+# Required-Stop:
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start and stop docker
+# Description: Daemon for docker.com
+### END INIT INFO
+
+# Source function library.
+. /etc/init.d/functions
+
+prog="docker"
+unshare=/usr/bin/unshare
+exec="/usr/bin/$prog"
+pidfile="/var/run/$prog.pid"
+lockfile="/var/lock/subsys/$prog"
+logfile="/var/log/$prog"
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+
+ check_for_cleanup
+
+ if ! [ -f $pidfile ]; then
+ printf "Starting $prog:\t"
+ echo "\n$(date)\n" >> $logfile
+ "$unshare" -m -- $exec -d $other_args &>> $logfile &
+ pid=$!
+ touch $lockfile
+ # wait up to 10 seconds for the pidfile to exist. see
+ # https://github.com/docker/docker/issues/5359
+ tries=0
+ while [ ! -f $pidfile -a $tries -lt 10 ]; do
+ sleep 1
+ tries=$((tries + 1))
+ done
+ success
+ echo
+ else
+ failure
+ echo
+ printf "$pidfile still exists...\n"
+ exit 7
+ fi
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ status -p $pidfile $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+check_for_cleanup() {
+ if [ -f ${pidfile} ]; then
+ /bin/ps -fp $(cat ${pidfile}) > /dev/null || rm ${pidfile}
+ fi
+}
+
+case "$1" in
+ start)
+ $1
+ ;;
+ stop)
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ status
+ ;;
+ condrestart|try-restart)
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+
+exit $?
diff --git a/recipes-containers/docker/docker/docker.service b/recipes-containers/docker/docker/docker.service
new file mode 100644
index 0000000..eaa3319
--- /dev/null
+++ b/recipes-containers/docker/docker/docker.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+After=network.target docker.socket
+Requires=docker.socket
+
+[Service]
+ExecStart=/usr/bin/docker daemon -H fd:// --registry-mirror=http://localhost:5000 --insecure-registry=http://localhost:5000 --raw-logs
+MountFlags=slave
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-containers/docker/docker/hi.Dockerfile b/recipes-containers/docker/docker/hi.Dockerfile
new file mode 100644
index 0000000..9af6805
--- /dev/null
+++ b/recipes-containers/docker/docker/hi.Dockerfile
@@ -0,0 +1,7 @@
+FROM debian
+
+MAINTAINER amy.fong@windriver.com
+
+RUN apt-get update && apt-get install figlet
+
+ENTRYPOINT [ "/usr/bin/figlet", "hi" ]
diff --git a/recipes-containers/docker/docker_%.bbappend b/recipes-containers/docker/docker_%.bbappend
new file mode 100644
index 0000000..7e041d2
--- /dev/null
+++ b/recipes-containers/docker/docker_%.bbappend
@@ -0,0 +1,53 @@
+SRCREV_docker = "49bf474f9ed7ce7143a59d1964ff7b7fd9b52178"
+SRCREV_libnetwork="0f534354b813003a754606689722fe253101bc4e"
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+SRC_URI = "\
+ git://github.com/docker/docker.git;nobranch=1;name=docker \
+ git://github.com/docker/libnetwork.git;branch=master;name=libnetwork;destsuffix=libnetwork \
+ file://docker.init \
+ file://hi.Dockerfile \
+ file://context-use-golang.org-x-net-pkg-until-we-move-to-go.patch \
+ file://0001-docker.service-add-clear-linux-oci-runtime.patch \
+ "
+
+# Apache-2.0 for docker
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=aadc30f9c14d876ded7bedc0afd2d3d7"
+
+DOCKER_VERSION = "1.13.0"
+RDEPENDS_${PN} += "kernel-module-vhost kernel-module-vhost-net"
+
+do_compile() {
+ # Set GOPATH. See 'PACKAGERS.md'. Don't rely on
+ # docker to download its dependencies but rather
+ # use dependencies packaged independently.
+ cd ${S}
+ rm -rf .gopath
+ mkdir -p .gopath/src/"$(dirname "${DOCKER_PKG}")"
+ ln -sf ../../../.. .gopath/src/"${DOCKER_PKG}"
+
+ mkdir -p .gopath/src/github.com/docker
+ ln -sf ../../../../../libnetwork .gopath/src/github.com/docker/libnetwork
+
+ export GOPATH="${S}/.gopath:${S}/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
+ export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go"
+ cd -
+
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ # in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056
+ export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper'
+
+ # this is the unsupported built structure
+ # that doesn't rely on an existing docker
+ # to build this:
+ DOCKER_GITCOMMIT="${SRCREV}" \
+ ./hack/make.sh dynbinary
+
+ # build the proxy
+ go build -o ${S}/docker-proxy github.com/docker/libnetwork/cmd/proxy
+}
+
diff --git a/recipes-containers/runc/runc-docker_%.bbappend b/recipes-containers/runc/runc-docker_%.bbappend
new file mode 100644
index 0000000..96d48ca
--- /dev/null
+++ b/recipes-containers/runc/runc-docker_%.bbappend
@@ -0,0 +1,11 @@
+include runc.inc
+
+# Note: this rev is before the required protocol field, update when all components
+# have been updated to match.
+SRCREV = "2f7393a47307a16f8cee44a37b262e8b81021e3e"
+SRC_URI = "git://github.com/docker/runc.git;nobranch=1 \
+ "
+
+RUNC_VERSION = "1.0.0-rc2"
+PROVIDES += "virtual/runc"
+RPROVIDES_${PN} = "virtual/runc"
diff --git a/recipes-containers/runc/runc-opencontainers_%.bbappend b/recipes-containers/runc/runc-opencontainers_%.bbappend
new file mode 100644
index 0000000..4a6e8cd
--- /dev/null
+++ b/recipes-containers/runc/runc-opencontainers_%.bbappend
@@ -0,0 +1,15 @@
+include runc.inc
+
+SRCREV = "75f8da7c889acc4509a0cf6f0d3a8f9584778375"
+SRC_URI = "git://github.com/opencontainers/runc;branch=master \
+ "
+RUNC_VERSION = "1.0.0-rc3"
+PROVIDES += "virtual/runc"
+RPROVIDES_${PN} = "virtual/runc"
+
+do_compile_prepend() {
+ # Go looks in a src directory under any directory in GOPATH but
+ # runc-opencontainers uses 'vendor' instead of 'vendor/src'. We can fix
+ # this with a symlink.
+ ln -sfn . "${S}/vendor/src"
+}
diff --git a/recipes-containers/runc/runc.inc b/recipes-containers/runc/runc.inc
new file mode 100644
index 0000000..4808547
--- /dev/null
+++ b/recipes-containers/runc/runc.inc
@@ -0,0 +1,58 @@
+HOMEPAGE = "https://github.com/opencontainers/runc"
+SUMMARY = "runc container cli tools"
+DESCRIPTION = "runc is a CLI tool for spawning and running containers according to the OCI specification."
+
+# Apache-2.0 for containerd
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=435b266b3899aa8a959f17d41c56def8"
+
+S = "${WORKDIR}/git"
+
+PV = "${RUNC_VERSION}+git${SRCREV}"
+
+inherit go
+RRECOMMENDS_${PN} = "lxc docker"
+
+LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer"
+
+do_configure[noexec] = "1"
+EXTRA_OEMAKE="BUILDTAGS=''"
+
+inherit goarch
+
+do_compile() {
+ export GOARCH="${TARGET_GOARCH}"
+ export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go"
+ # Set GOPATH. See 'PACKAGERS.md'. Don't rely on
+ # docker to download its dependencies but rather
+ # use dependencies packaged independently.
+ cd ${S}
+ rm -rf .gopath
+ dname=`dirname "${LIBCONTAINER_PACKAGE}"`
+ bname=`basename "${LIBCONTAINER_PACKAGE}"`
+ mkdir -p .gopath/src/${dname}
+
+ (cd .gopath/src/${dname}; ln -sf ../../../../../${bname} ${bname})
+ export GOPATH="${S}/.gopath:${S}/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
+ export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go"
+ cd -
+
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CFLAGS=""
+ export LDFLAGS=""
+
+ oe_runmake static
+}
+
+do_install() {
+ mkdir -p ${D}/${bindir}
+
+ cp ${S}/runc ${D}/${bindir}/runc
+ ln -sf runc ${D}/${bindir}/docker-runc
+}
+
+INHIBIT_PACKAGE_STRIP = "1"
diff --git a/recipes-containers/runc/runc/0001-nsexec-fix-build-against-musl-libc.patch b/recipes-containers/runc/runc/0001-nsexec-fix-build-against-musl-libc.patch
new file mode 100644
index 0000000..aa57636
--- /dev/null
+++ b/recipes-containers/runc/runc/0001-nsexec-fix-build-against-musl-libc.patch
@@ -0,0 +1,48 @@
+From ac6bd953192fa6752a07be7501f69f7cffe33e8e Mon Sep 17 00:00:00 2001
+From: Natanael Copa <natanael.copa@docker.com>
+Date: Tue, 19 Apr 2016 10:43:00 +0200
+Subject: [PATCH] nsexec: fix build against musl libc
+
+Remove a wrongly added include which was added in commit 3c2e77ee (Add a
+compatibility header for CentOS/RHEL 6, 2016-01-29) apparently to
+fix this compile error on centos 6:
+
+> In file included from
+> Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c:20:
+> /usr/include/linux/netlink.h:35: error: expected specifier-qualifier-list before 'sa_family_t'
+
+The glibc bits/sockaddr.h says that this header should never be included
+directly[1]. Instead, sys/socket.h should be used.
+
+The problem was correctly fixed later, in commit 394fb55 (Fix build
+error on centos6, 2016-03-02) so the incorrect bits/sockaddr.h can
+safely be removed.
+
+This is needed to build musl libc.
+
+Fixes #761
+
+[1]: https://github.molgen.mpg.de/git-mirror/glibc/blob/20003c49884422da7ffbc459cdeee768a6fee07b/bits/sockaddr.h#L20
+
+Signed-off-by: Natanael Copa <natanael.copa@docker.com>
+Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
+Upstream-status: Backport
+---
+ libcontainer/nsenter/nsexec.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c
+index 8f37d6c..40a8f89 100644
+--- a/libcontainer/nsenter/nsexec.c
++++ b/libcontainer/nsenter/nsexec.c
+@@ -18,7 +18,6 @@
+ #include <unistd.h>
+ #include <grp.h>
+
+-#include <bits/sockaddr.h>
+ #include <linux/types.h>
+
+ // All arguments should be above the stack because it grows down
+--
+2.1.4
+
diff --git a/recipes-devtools/cc-oci-artifacts/cc-image_16050.bb b/recipes-devtools/cc-oci-artifacts/cc-image_16050.bb
new file mode 100644
index 0000000..1849e94
--- /dev/null
+++ b/recipes-devtools/cc-oci-artifacts/cc-image_16050.bb
@@ -0,0 +1,15 @@
+LICENSE = "GPLv2"
+ERROR_QA_remove = "license-checksum"
+
+SRC_URI = "https://download.clearlinux.org/releases/16050/clear/clear-${PV}-containers.img.xz"
+SRC_URI[md5sum] = "8d6003d6e44a5278d57367b7000d97da"
+SRC_URI[sha256sum] = "1a78b0a1e43552528a820ff6f7eaf3f3fb15b2d71b629eb103911f10b15b449f"
+
+FILES_${PN} += "/usr/share/clear-containers/*"
+
+do_install_append () {
+ cd ${WORKDIR} ; rm -f clear-containers.img
+ ln -s clear-${PV}-containers.img clear-containers.img
+ mkdir -p ${D}/usr/share/clear-containers/
+ cp -rf ${WORKDIR}/clear*-containers.img ${D}/usr/share/clear-containers/
+}
diff --git a/recipes-devtools/cc-oci-artifacts/cc-kernel_4.9.33-74.bb b/recipes-devtools/cc-oci-artifacts/cc-kernel_4.9.33-74.bb
new file mode 100644
index 0000000..5d03ffb
--- /dev/null
+++ b/recipes-devtools/cc-oci-artifacts/cc-kernel_4.9.33-74.bb
@@ -0,0 +1,19 @@
+SUMMARY = "The Linux kernel optimized for running inside a container"
+DESCRIPTION = "The Linux kernel."
+HOMEPAGE = "http://www.kernel.org/"
+
+LICENSE = "GPLv2"
+ERROR_QA_remove = "license-checksum"
+
+SRC_URI = "http://download.clearlinux.org/releases/16050/clear/x86_64/os/Packages/linux-container-${PV}.x86_64.rpm"
+SRC_URI[md5sum] = "69f268d45c3dfee82f1afbd479534e08"
+SRC_URI[sha256sum] = "0f915e1b18ddcdd13fb339d3cc7b9857297dd1340f69dde504012f3e644c4293"
+
+FILES_${PN} += "/usr/share/clear-containers/*"
+
+do_unpack[depends] += "xz-native:do_populate_sysroot"
+
+do_install_append () {
+ cp -rf ${WORKDIR}/usr ${D}/usr
+}
+
diff --git a/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-configure.ac-set-defaul-qemu-patch-to-usr-local-bin.patch b/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-configure.ac-set-defaul-qemu-patch-to-usr-local-bin.patch
new file mode 100644
index 0000000..e867d02
--- /dev/null
+++ b/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-configure.ac-set-defaul-qemu-patch-to-usr-local-bin.patch
@@ -0,0 +1,26 @@
+From ae42e6f3516b322d6bca9b82f6c4a64cad37024a Mon Sep 17 00:00:00 2001
+From: Todor Minchev <todor.minchev@linux.intel.com>
+Date: Mon, 28 Aug 2017 14:41:56 -0700
+Subject: [PATCH] configure.ac: set defaul qemu patch to /usr/local/bin
+
+Signed-off-by: Todor Minchev <todor.minchev@linux.intel.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 44292af..bb03068 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -212,7 +212,7 @@ AC_ARG_WITH([cc-image-bootchart-config-dir],
+ AM_CONDITIONAL([CC_IMAGE_BOOTCHART_CONFIG],[test x"$WITH_CC_IMAGE_BOOTCHART_CONFIG" != xno])
+
+ #Check for qemu
+-DEFAULT_QEMU_PATH=/usr/bin/qemu-system-x86_64
++DEFAULT_QEMU_PATH=/usr/local/bin/qemu-system-x86_64
+
+ AC_ARG_WITH([qemu-path],
+ [AS_HELP_STRING([--with-qemu-path=[[QEMU-PATH]]],
+--
+2.13.2
+
diff --git a/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-hypervisor.in-set-default-machine-to-q35.patch b/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-hypervisor.in-set-default-machine-to-q35.patch
new file mode 100644
index 0000000..c4da06d
--- /dev/null
+++ b/recipes-devtools/cc-oci-runtime/cc-oci-runtime/0001-hypervisor.in-set-default-machine-to-q35.patch
@@ -0,0 +1,26 @@
+From ae7006fbd25a243a83f35d5372a02ca34e05ba3a Mon Sep 17 00:00:00 2001
+From: Todor Minchev <todor.minchev@linux.intel.com>
+Date: Mon, 28 Aug 2017 15:07:54 -0700
+Subject: [PATCH] hypervisor.in: set default machine to q35
+
+Signed-off-by: Todor Minchev <todor.minchev@linux.intel.com>
+---
+ data/hypervisor.args.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/data/hypervisor.args.in b/data/hypervisor.args.in
+index b96016b..7095503 100644
+--- a/data/hypervisor.args.in
++++ b/data/hypervisor.args.in
+@@ -2,7 +2,7 @@
+ -name
+ @NAME@
+ -machine
+-pc-lite,accel=kvm,kernel_irqchip,nvdimm
++q35,accel=kvm,kernel_irqchip,nvdimm,nosmm,nosmbus,nosata,nopit,nofw
+ -device
+ nvdimm,memdev=mem0,id=nv0
+ -object
+--
+2.13.2
+
diff --git a/recipes-devtools/cc-oci-runtime/cc-oci-runtime_git.bb b/recipes-devtools/cc-oci-runtime/cc-oci-runtime_git.bb
new file mode 100644
index 0000000..4e63748
--- /dev/null
+++ b/recipes-devtools/cc-oci-runtime/cc-oci-runtime_git.bb
@@ -0,0 +1,37 @@
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+inherit systemd
+SYSTEMD_SERVICE_${PN} = "cc-proxy.service"
+
+SRC_URI = "git://git@github.com/01org/cc-oci-runtime.git;protocol=https \
+ file://0001-configure.ac-set-defaul-qemu-patch-to-usr-local-bin.patch \
+ file://0001-hypervisor.in-set-default-machine-to-q35.patch \
+ "
+
+SRCREV = "fdce5d7c941c0af3a2b18246c62cabf890e7664f"
+
+DISABLE_STATIC = ""
+PACKAGECONFIG_CONFARGS = " "
+
+RDEPENDS_${PN} = "qemu-cc cc-image cc-kernel tunctl docker docker-contrib connman connman-client"
+DEPENDS = " autoconf-archive-native gnome-common go-native json-glib libcheck libmnl util-linux glib-2.0"
+QEMU_CC_MEM ?= "256M,slots=2,maxmem=1G"
+
+S = "${WORKDIR}/git"
+FILES_${PN} += "/lib/systemd/system/* \
+ /usr/share/defaults/* "
+
+inherit pkgconfig autotools
+
+EXTRA_OECONF = " --disable-valgrind-sgcheck --disable-functional-tests --enable-autogopath --disable-docker-tests --disable-metrics-tests --disable-crio-tests --disable-valgrind-drd"
+
+do_configure_append() {
+ cp -rfp ${S}/vendor ${S}/../build/
+ cp -rfp ${S}/proxy ${S}/../build/
+ sed -i -e "s/^2G,slots=2,maxmem=3G/${QEMU_CC_MEM}/" ${S}/../build/data/hypervisor.args
+}
+
+do_compile() {
+ oe_runmake
+}
diff --git a/recipes-devtools/qemu-cc/qemu-cc.bb b/recipes-devtools/qemu-cc/qemu-cc.bb
new file mode 100644
index 0000000..b9b2d8a
--- /dev/null
+++ b/recipes-devtools/qemu-cc/qemu-cc.bb
@@ -0,0 +1,85 @@
+SUMMARY = "Fast open source processor emulator"
+HOMEPAGE = "https://github.com/clearcontainers/qemu"
+LICENSE = "GPLv2 & LGPLv2.1"
+DEPENDS = "zlib libcap-ng glib-2.0 pixman attr libcap"
+
+DISABLE_STATIC = ""
+inherit pkgconfig
+
+LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=79ffa0ec772fa86740948cb7327a0cc7 \
+ file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac"
+
+SRC_URI = "gitsm://github.com/clearcontainers/qemu.git;protocol=https;branch=qemu-lite-v2.9.0"
+
+PV = "2.9"
+SRCREV = "a2e6957b6fcbf9be3c5146657ba9ae1dddf3ec70"
+
+S = "${WORKDIR}/git"
+FILES_${PN} += "/usr/local/* \
+ /usr/var/* "
+INSANE_SKIP_${PN} = "already-stripped"
+
+EXTRA_OECONF = " \
+ --disable-tools \
+ --disable-libssh2 \
+ --disable-tcmalloc \
+ --disable-glusterfs \
+ --disable-seccomp \
+ --disable-bzip2 \
+ --disable-snappy \
+ --disable-lzo \
+ --disable-usb-redir \
+ --disable-libusb \
+ --disable-libnfs \
+ --disable-tcg-interpreter \
+ --disable-debug-tcg \
+ --disable-libiscsi \
+ --disable-rbd \
+ --disable-spice \
+ --disable-attr \
+ --disable-cap-ng \
+ --disable-linux-aio \
+ --disable-brlapi \
+ --disable-vnc-jpeg \
+ --disable-vnc-png \
+ --disable-vnc-sasl \
+ --disable-rdma \
+ --disable-bluez \
+ --disable-fdt \
+ --disable-curl \
+ --disable-curses \
+ --disable-sdl \
+ --disable-gtk \
+ --disable-tpm \
+ --disable-vte \
+ --disable-vnc \
+ --disable-xen \
+ --disable-opengl \
+ --disable-slirp \
+ --disable-strip \
+ --enable-trace-backend=nop \
+ --enable-virtfs \
+ --enable-attr \
+ --enable-cap-ng \
+ --extra-cflags=-Wno-format-truncation \
+ --extra-cflags=-Wno-maybe-uninitialized \
+ --prefix=/usr/local \
+ --target-list=x86_64-softmmu "
+
+do_configure() {
+ ${S}/configure ${EXTRA_OECONF}
+}
+
+do_compile() {
+ oe_runmake
+}
+
+do_install() {
+ oe_runmake install DESTDIR='${D}'
+ rm -rf ${D}/usr/local/share/qemu/openbios-ppc
+ rm -rf ${D}/usr/local/share/qemu/openbios-sparc32
+ rm -rf ${D}/usr/local/share/qemu/openbios-sparc64
+ rm -rf ${D}/usr/local/share/qemu/s390-ccw.img
+ rm -rf ${D}/usr/local/share/qemu/palcode-clipper
+ rm -rf ${D}/usr/local/share/qemu/u-boot.e500
+}
diff --git a/recipes-extended/images/cloud-image-controller.bbappend b/recipes-extended/images/cloud-image-controller.bbappend
new file mode 100644
index 0000000..51b720c
--- /dev/null
+++ b/recipes-extended/images/cloud-image-controller.bbappend
@@ -0,0 +1 @@
+IMAGE_FSTYPES_remove = "wic.vmdk"
diff --git a/recipes-extended/images/cloud-image-guest.bbappend b/recipes-extended/images/cloud-image-guest.bbappend
new file mode 100644
index 0000000..51b720c
--- /dev/null
+++ b/recipes-extended/images/cloud-image-guest.bbappend
@@ -0,0 +1 @@
+IMAGE_FSTYPES_remove = "wic.vmdk"
diff --git a/recipes-kernel/linux/linux-yocto/intel-clear-containers.cfg b/recipes-kernel/linux/linux-yocto/intel-clear-containers.cfg
new file mode 100644
index 0000000..4dd9712
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto/intel-clear-containers.cfg
@@ -0,0 +1 @@
+CONFIG_VHOST_NET=m
diff --git a/recipes-kernel/linux/linux-yocto/intel-clear-containers.scc b/recipes-kernel/linux/linux-yocto/intel-clear-containers.scc
new file mode 100644
index 0000000..a19f579
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto/intel-clear-containers.scc
@@ -0,0 +1,3 @@
+define KFEATURE_DESCRIPTION "Enable clearcon support"
+define KFEATURE_COMPATIBILITY board
+kconf non-hardware intel-clear-containers.cfg
diff --git a/recipes-kernel/linux/linux-yocto_4.10.bbappend b/recipes-kernel/linux/linux-yocto_4.10.bbappend
new file mode 100644
index 0000000..a8a17a2
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto_4.10.bbappend
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+SRC_URI += "file://intel-clear-containers.scc"
+KERNEL_MODULE_AUTOLOAD += "vhost-net"
diff --git a/recipes-kernel/linux/linux-yocto_4.9.bbappend b/recipes-kernel/linux/linux-yocto_4.9.bbappend
new file mode 100644
index 0000000..a8a17a2
--- /dev/null
+++ b/recipes-kernel/linux/linux-yocto_4.9.bbappend
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+SRC_URI += "file://intel-clear-containers.scc"
+KERNEL_MODULE_AUTOLOAD += "vhost-net"